skills/hubblevision/hubble-data-service-skill/hk-realtime-quote/Snyk

hk-realtime-quote

Fail

Audited by Snyk on May 8, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

Insecure credential handling detected (high risk: 1.00). The skill embeds a literal API key ("X-API-Key: 123456") in its curl AUTH examples and instructs using those headers, which requires the agent to include the secret verbatim in generated commands/requests, an insecure pattern that can lead to exfiltration.

Issues (1)

W007

HIGH

Insecure credential handling detected in skill instructions.

Audit Metadata

Risk Level

HIGH

Analyzed

May 8, 2026, 02:50 PM

Issues

1